Community

Article

Data Processing Agreement

Data Processing Agreement

A Data Processing Agreement (DPA) is the contract between a data controller and a data processor required by GDPR Article 28 and similar privacy regulations. The controller is the company that decides why and how personal data is processed; the processor is the vendor that handles data on the controller's behalf. The DPA specifies what security measures the processor will maintain, what the processor can and cannot do with the data, breach notification procedures, sub-processor restrictions, and data subject rights handling. DPAs are mandatory whenever a vendor processes personal data on behalf of a company subject to GDPR (or analogous regulations like CCPA). If a vendor handles personal data of your EU users, you...


Comments
 
Copyright © 2026 Startups.com LLC. All rights reserved.